Data Policy

ODAPTIC complies with all the mandatory requirements at law. We also take precautions regarding our operations in these additional ways:

  1. Data and privacy protection

    2. ODAPTIC appreciates the gravity of being granted access to client information and adheres to strict security protocols to protect this information. Our established and embedded Data and Privacy policy aligns with industry best-practice standards (ISO:27001/29151).

  2. Our information security controls include, but are not limited to:

    3. Adherence to the essential cybersecurity principles laid out by the Australian Signals Directorate, including restriction of administrative privileges, disabling of tools and untrusted macros, and two-factor authentication

    Our data is exclusively hosted within Australia, as we've selected the Southeast Australia region on your behalf for all related services. This ensures compliance with Australian data sovereignty requirements by storing your data in local data centers. This decision aligns with stringent privacy and regulatory standards, ensuring your data never leaves the Australian jurisdiction.

    Our data benefits from robust encryption measures both when stored and during transmission. By leveraging Microsoft Power Platform services, including Dataverse, data is protected using leading security practices. Specifically, technologies such as Transparent Data Encryption (TDE) safeguard your stored data — covering database files, backups, and logs. For data in motion, we rely on secure protocols to maintain its confidentiality and integrity, ensuring information remains secure under management of our IT Provider.

    Integration of information security training and processes into induction, employment and post-employment processes

    ICT assets and physical documents are stored in a secure (double-bolted) office to which access is restricted to authorised personnel

    Adherence to a clean desk policy to minimise potential exposure of sensitive materials.

    Project documents are stored in the Cloud. User access to documents is controlled with permissions and audit reports are conducted to monitor their use.

    Confidentiality agreements are required of all subcontractors, employees, and networking guests.

    Records which are not necessary to retain are destroyed in accordance with the guidelines set out in company policy.

    The establishment of processes to allow for the secure use of mobile and teleworking facilities: e.g. employees are not authorised to access sensitive information on insecure mobile devices, and anti-virus software is renewed recurrently.

    In the unlikely event of a data breach, ODAPTIC commits to remediation and notification in adherence with the guidelines laid out by the Office of the Australian Information Commissioner (2017)